Risky Business #840 -- Microsoft walks back researcher threats

On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.

They cover:

• Adversaries are tracking US troop locations with commercially available location data
• A new Signal phishing campaign is going after message backups
• 404 Media is suing ICE to get its spyware contract with REDLattice (lol)
• Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures
• Mini Shai-Hulud pops up again just as Glassworm gets shattered
• Much, much more

This week’s episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week’s sponsor interview Authentik’s CEO Fletcher Heisler joins Patrick Gray to talk about how they’re keeping up with the bugpocalypse, and also the work they’re doing to support identities for AI agents.

This episode is also available on YouTube.

Show notes

• The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are | wired.com
• U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’ | TechCrunch Security
• DOD location data attachment (Wyden) |
• Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media
• US has seized nearly $1 billion in crypto from Iran, Bessent says |
• Russia claims foreign spy agencies hacked officials' phones | therecord.media
• Hackers are trying to steal Signal users’ backups in new wave of phishing attacks | TechCrunch Security
• We Sued ICE to Get Its Spyware Contract. The Agency Is Redacting Essentially Everything | Social Signals
• Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more | therecord.media
• A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals
• Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media
• IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals
• Federal audit reveals NIST’s NVD is plagued by poor planning and duplication | cyberscoop.com
• Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com
• Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer
• CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive
• Password manager Dashlane says hackers stole some customers’ password vaults | TechCrunch Security
• CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com
• Botnet of more than 17 million devices dismantled | arstechnica.com
• Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media
• ACCC investigating Olympics ticket scam | ABC
• Dozens of Red Hat packages backdoored through its offical NPM channel | arstechnica.com
• Solo podcast: A deep dive on TeamPCP - Risky Business Media |
• Trump administration releases scaled-back AI executive order | cyberscoop.com
• Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com